TIL DKIM Replay Attacks Are A Thing

ProtonMail goes in-depth on how Gmail came to block emails from its service after an attacker used a DKIM replay attack against Proton's domain reputation.

On 1 December 2021, we began receiving sporadic reports of delivery failures from protonmail.com addresses to Gmail. This corresponded with a dramatic decline in protonmail.com’s domain reputation as seen via Gmail Postmaster Tools and an increase in sending from known bad IP addresses.

. . .

We suspected a DKIM replay attack, where a single spam email originally sent from ProtonMail was being resent to many Gmail users in an attempt to exploit our deliverability and reputation to get around Google’s anti-spam measures. At one point, roughly 98% of the emails Gmail received that claimed to be from ProtonMail were actually spam, meaning the spammers were sending an amount of emails that was equivalent to 50 times our normal outgoing traffic to Google.

The ProtonMail blog post discusses what DKIM replay attacks are, what allows them, and what can be done to mitigate them.
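As an added illustration (my own example, not ProtonMail's code or Gmail's verifier), the Python below models what the post describes: a DKIM signature covers the selected headers and the body but not the SMTP envelope, so a message signed once and resent to many recipients still verifies, and the optional DKIM expiration tag (x=) is one way to bound that window. HMAC-SHA256 stands in for the RSA signature, and every name, key and header value is constructed.

```python
import hashlib
import hmac
import re

def relaxed_headers(headers, fields):
    """Relaxed canonicalization (subset): lowercase the name, collapse whitespace."""
    out = []
    for name in fields:
        value = re.sub(r"\s+", " ", headers.get(name, "")).strip()
        out.append(f"{name.lower()}:{value}")
    return "\r\n".join(out) + "\r\n"

def sign(headers, body, key, fields, now, ttl):
    """Return the DKIM-Signature tags this demo models: h=, bh=, t=, x=, b=."""
    bh = hashlib.sha256(body.encode()).hexdigest()
    sig = {"h": ":".join(fields), "bh": bh, "t": now, "x": now + ttl}
    data = relaxed_headers(headers, fields) + f"bh={bh};t={now};x={now + ttl}"
    sig["b"] = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()  # stand-in for RSA
    return sig

def verify(headers, body, sig, key, now):
    """Check expiry, body hash and header signature. The SMTP envelope (MAIL FROM,
    RCPT TO) is never part of the signed data, so a resend to new recipients
    presents exactly the same signed bytes and passes."""
    if now > sig["x"]:
        return False  # past x=: a late replay is rejected
    if hashlib.sha256(body.encode()).hexdigest() != sig["bh"]:
        return False
    fields = sig["h"].split(":")
    data = relaxed_headers(headers, fields) + f"bh={sig['bh']};t={sig['t']};x={sig['x']}"
    expected = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["b"])

# Constructed sample message and key (not real data).
KEY = b"constructed-demo-key"
FIELDS = ["From", "To", "Subject", "Date"]
HEADERS = {"From": "sender@protonmail.example", "To": "first@gmail.example",
           "Subject": "Hello", "Date": "Wed, 01 Dec 2021 10:00:00 +0000"}
BODY = "constructed message body\r\n"
T0 = 1638352800  # constructed signing time, 2021-12-01 10:00 UTC

def replay_outcomes(ttl):
    """Sign once, then resend the identical message to 1000 different envelope
    recipients one hour later; return (accepted, total)."""
    sig = sign(HEADERS, BODY, KEY, FIELDS, T0, ttl)
    rcpt_to = [f"user{i}@gmail.example" for i in range(1000)]
    # rcpt_to is deliberately not passed to verify(): DKIM never sees it.
    accepted = sum(verify(HEADERS, BODY, sig, KEY, T0 + 3600) for _ in rcpt_to)
    return accepted, len(rcpt_to)
```

RFC 6376 makes x= optional and leaves its enforcement to the verifier, so it narrows the replay window rather than closing it.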
